Spidering - attempts to identify application functionality by automated traversal of site hierarchy and permuting common variations on popular naming conventions.
Manual fault injection -manual submission of malicious data to identify security vulnerabilities in request path.
Automated fault injection ( fuzzing ) - automated submission of a range of malicious data to identify security vulnerabilities in request path.
Known vulnerability testing - identification of vulnerabilities in the hosting platform ( web server , servlet container ) using primarily automated analysis techniques .
Candidate point - automated analysis to pinpoint known vulnerability patterns , followed by manual analysis to validate any vulnerability candidate.
Eliminate false positives.
Investigate the extent of the findings.
Awarded & Facilitate Compliance